Mobile Malware: What Makes It Dangerous?

By Shyam Oza

Do you start and end every day by checking your emails? Well, you are not alone! Almost 85 percent of people use their smartphones to access their emails, which is, unfortunately, where the danger lies. It’s lucrative for hackers to target smartphones since they do not have the same security measures that businesses have in place for workstations and servers.

That means no firewalls, encryption, or antimalware software to protect data stored on Office 365 or G Suite for example.

What is Mobile Malware?

Mobile malware is malicious software that hackers use to specifically target and collapse operating systems on smartphones, tablets and smartwatches in order to steal confidential data. Over the years, both malware types and their distribution methods have become increasingly more sophisticated compared to their early days.

History of Mobile Malware

2000 – The first virus. Discovered by Russian and Finnish antivirus labs and was named Timofonica. The virus sent mass SMS messages to GSM phones criticizing the Spanish operator Telefonica.

2004 – The worm. ‘Cabir’ spread via Bluetooth and targeted the Symbian operations system that was used on most mobile phones at the time.

2007 – The first mobile spyware. Attackers used FlexiSpy to record phone calls and collect SMS messages.

2011 – The evolution of Cabir. Later versions turned lethal as Android security pros started reporting a new incident every few weeks. The malware either installed itself or was installed on devices by unwitting mobile users to perform functions without their knowledge.

2013 – The big break. FakeDefender was the first ransomware to break through, targeting Android devices and displaying fake security alerts to get victims to buy an app to remove the fake threats.

Types of Mobile Malware

The dark realm of mobile malware is versatile and complicated. Here are a few types of mobile malware that will help you better understand how that world operates.

1. Spyware and sketchy marketers

Spyware masquerades as a legitimate app. Without user consent, it synchronizes with calendar apps, email accounts and other apps that store important information. It monitors your activity, current location, usernames and passwords, and then sends this data to a third party. Depraved marketers often use spyware to launch mobile adware, aka Madware. Fireball is a deadly Madware that takes over a browser and modifies it to serve the marketer’s needs. It also contains tracking pixels that gather data for marketing purposes.

2. Trojans and their love for banks

Mobile trojans attach themselves to legitimate apps and when the user opens the program, the malware is activated. It infects and deactivates other applications or paralyzes the device itself. Mobile trojans are popularly used to mine banking information and are also called banking trojans. Zeus is a banking trojan designed to steal banking credentials from infected smartphones. Keylogging is used to get around the two-factor authentication (2FA) that’s popularly used by mobile users to access banking portals.

3. Mobile Phishing: The new threat in town

Mobile phishing is a perfected version of traditional phishing where hackers use email and SMS messages to payload malware. SMS phishing (SMShing) happens when hackers embed malicious links in messages and trick users into clicking on them. One popular tactic is asking users to update the app via a link and once the users click the link, the hackers gain access to credentials for Office 365 or G Suite for example. The fact that 57 percent of organizations have specifically experienced a mobile phishing attack is a testament to the success of this method of attack.

Malware Security: Android Vs. iPhone

Malware mercenaries are exploiting mobile devices now more than ever. This, of course, begs the question – which mobile operating system is more secure? Android or iOS? According to a Nokia Threat Intelligence Report, Android devices are nearly 50 times more likely to be infected by malware than Apple devices.

Cybercriminals aren’t just attracted by the sheer number of Android users, but by the open source system the OS uses. It allows them to modify Google-owned OS, leading to potential security loopholes. Compare that with Apple’s closed system, which makes it difficult to change the codes on the phones.

That said, although iOS may be relatively secure, it isn’t impossible to crack. The iOS-based malware, XCodeGhost, has shown that malicious apps can pass through Apple’s code review process and infect iPhones and iPads.

Protection Against Mobile Malware

Here are a few ways you can protect your mobile device from infection:

Mobile device policy. Whether your employees use company-owned or personal mobiles, you need to set mobile-use policies to build mobile security best practices.

Update applications. Always ensure you’re installing new updates that help you run applications with the latest security patches.

Train employees. Make employees aware of mobile malware and the strategies they can take to protect themselves against it.

Back up Your Smartphone with Spanning

Even with the best protection measures and training, there is still a good chance your mobile data could fall into the wrong hands. And this is where Spanning Backup comes in. Spanning’s cloud-native, purpose-built solutions for Office 365, G Suite and Salesforce protect your organization’s critical data that lives on your mobile device from loss caused by ransomware and malware attacks, human error, and malicious behavior.